Some internet-facing databases could have been overlooked digital assets misconfigured to be unintentionally exposed to the open web: report

According to a data set analysis by a cybersecurity firm, the number of databases exposed to the open web between Q1 2021 and Q1 2022 had increased by 12%. Also, most of the exposed databases discovered in the data period were running on the Redis database management system. 

In the 2021 data alone, there were 308,000 global incidents of databases exposed to the open web. The study data showed that the number of public-facing databases had kept growing almost every quarter since the beginning of 2021 to reach a peak in Q1 2022.  

Meanwhile, for the South-east Asian region, data showed that from Q1 2021 up to the Q1 2022, Singapore had a total of 7,873 public-facing exposed databases—positioning the country in sixth place among 10 countries with the highest number of Internet-facing exposed databases.

Other findings

The data analysis by Group-IB involved scanning the entire IPv4 and identifying external-facing assets hosting exposed databases, malware or phishing panels, and JS-sniffers. The instances of unsecured internet-facing databases showed other trends: 

  • In H2 2021, the number of exposed databases was 14% higher than in Q1. This increase hit a peak in Q1 2022.
  • In Q1 2021, it took an average of 170.2 days for an exposed database owner to fix the issue. The average time was decreasing gradually over 2021, but it climbed back to the initial value of 170 in the first quarter of 2022. 
  • Country-wise, most of the databases discovered in the study to be exposed to the open web were located in the USA, followed by China, Germany, France, India, Singapore, Hong Kong, Russia, Japan and Italy.
  • As the pandemic progressed with more people having to work from home, corporate networks kept getting more complex and extended. This inevitably led to an increase in the number of public-facing assets that were not inventoried properly. In 2021, nearly US$1.2bn worth of penalties were issued against firms for violations of the GDPR. In many cases, a data breach started with a preventable security risk, such a database exposed to the open web. 
  • Group-IB noted that a public-facing database in the data did not necessarily mean it had been compromised or leaked with malicious intent. In most cases, internet-facing databases are an overlooked digital asset that has been misconfigured and thus unintentionally exposed to the open web. Unsecured Internet-facing databases could be very risky if the attackers access them before the company-owner has had a chance to discover the issue and take necessary actions.
  • When it comes to management of high-risk digital assets, timely discovery plays a key role as threat actors are quick in spotting a chance to steal sensitive information or advance further in the network.
  • Corporate digital assets that are not properly managed undermine security investment and increase the attack surface. The consequences of an exposed database range from a data breach to a subsequent follow-up attack on the employees or customers whose information was left unsecured. 

According to the firm’s Attack Surface Management Product Lead, Tim Bobak: “A lot of security incidents can be prevented with very little effort and a good toolset. Last year, over 50% of our incident response engagements stemmed from a preventable, perimeter-based security error. A public facing database; an open port; or a cloud instance running vulnerable software—are all critical but ultimately avoidable risks. As the complexity of corporate networks keeps growing, all the companies need to have complete visibility over their attack surface.”